<?php

/**
 * 对微信小程序用户加密数据的解密示例代码.
 *
 * @copyright Copyright (c) 1998-2014 Tencent Inc.
 */


namespace api\api\wechat;

class WXBizDataCrypt
{
    private $appid;
    private $sessionKey;

    /**
     * 构造函数
     * @param $sessionKey string 用户在小程序登录后获取的会话密钥
     * @param $appid string 小程序的appid
     */
    public function __construct($appid, $sessionKey)
    {
        $this->sessionKey = $sessionKey;
        $this->appid = $appid;
    }


    /**
     * 检验数据的真实性，并且获取解密后的明文.
     * @param $encryptedData string 加密的用户数据
     * @param $iv string 与用户数据一同返回的初始向量
     * @param $data string 解密后的原文
     *
     * @return int 成功0，失败返回对应的错误码
     */
    public function decryptData($encryptedData, $iv, &$data)
    {
        if (strlen($this->sessionKey) != 24) {
            return $this->getErrorByCode(ErrorCode::$IllegalAesKey);
        }
        $aesKey = base64_decode($this->sessionKey);


        if (strlen($iv) != 24) {
            return $this->getErrorByCode(ErrorCode::$IllegalIv);
        }
        $aesIV = base64_decode($iv);

        $aesCipher = base64_decode($encryptedData);

        $result = openssl_decrypt($aesCipher, "AES-128-CBC", $aesKey, OPENSSL_RAW_DATA, $aesIV);


        if ($result === false) {
            return $this->getErrorByCode(ErrorCode::$IllegalBuffer);
        }

        $dataObj = json_decode($result);
//        $pad = ord(substr($result, -1));
//        if ($pad < 1 || $pad > 32) {
//            $pad = 0;
//        }
//        $dataObj = substr($result, 0, (strlen($result) - $pad));

        if ($dataObj == NULL) {
            return $this->getErrorByCode(ErrorCode::$IllegalBuffer);
        }
        if ($dataObj->watermark->appid != $this->appid) {
            return $this->getErrorByCode(ErrorCode::$IllegalBuffer);
        }

        $data = $result;
        return $data;
    }

    function getErrorByCode($errCode)
    {
//        var_dump($errCode);
        $errors = [
            ErrorCode::$IllegalAesKey => 'session_key错误',
            ErrorCode::$IllegalAesKey => 'iv错误',
            ErrorCode::$IllegalBuffer => 'encryptedData解析失败,检查appid是否正确'
        ];

        return $errors[$errCode];
    }

}

class ErrorCode
{
    public static $OK = 0;
    public static $IllegalAesKey = -41001;
    public static $IllegalIv = -41002;
    public static $IllegalBuffer = -41003;
    public static $DecodeBase64Error = -41004;
}

